1 line
No EOL
58 KiB
XML
1 line
No EOL
58 KiB
XML
<?xml version="1.0" encoding="UTF-8"?><feed xmlns="http://www.w3.org/2005/Atom" xmlns:media="http://search.yahoo.com/mrss/"><category term="cybersecurity" label="r/cybersecurity"/><updated>2023-01-28T12:52:21+00:00</updated><icon>https://www.redditstatic.com/icon.png/</icon><id>/r/cybersecurity.rss</id><link rel="self" href="https://www.reddit.com/r/cybersecurity.rss" type="application/atom+xml" /><link rel="alternate" href="https://www.reddit.com/r/cybersecurity" type="text/html" /><subtitle>A community for current or aspiring technical professionals to discuss cybersecurity, threats, etc.</subtitle><title>cybersecurity</title><entry><author><name>/u/AutoModerator</name><uri>https://www.reddit.com/user/AutoModerator</uri></author><category term="cybersecurity" label="r/cybersecurity"/><content type="html"><!-- SC_OFF --><div class="md"><p>This is the weekly thread for career and education questions and advice. There are no stupid questions; so, what do <em>you</em> want to know about certs/degrees, job requirements, and any other general cybersecurity career questions? Ask away!</p> <p>Interested in what other people are asking, or think your question has been asked before? Have a look through prior weeks of content - though we&#39;re working on making this more easily searchable for the future.</p> </div><!-- SC_ON --> &#32; submitted by &#32; <a href="https://www.reddit.com/user/AutoModerator"> /u/AutoModerator </a> <br/> <span><a href="https://www.reddit.com/r/cybersecurity/comments/10iydbl/mentorship_monday_post_all_career_education_and/">[link]</a></span> &#32; <span><a href="https://www.reddit.com/r/cybersecurity/comments/10iydbl/mentorship_monday_post_all_career_education_and/">[comments]</a></span></content><id>t3_10iydbl</id><link href="https://www.reddit.com/r/cybersecurity/comments/10iydbl/mentorship_monday_post_all_career_education_and/" /><updated>2023-01-23T00:00:11+00:00</updated><published>2023-01-23T00:00:11+00:00</published><title>Mentorship Monday - Post All Career, Education and Job questions here!</title></entry><entry><author><name>/u/AutoModerator</name><uri>https://www.reddit.com/user/AutoModerator</uri></author><category term="cybersecurity" label="r/cybersecurity"/><content type="html"><!-- SC_OFF --><div class="md"><p>Hello!</p> <p>We are experienced Digital Forensics &amp; Incident Response (DFIR) professionals with experience from Dell Secureworks, Artic Wolf Networks, ZeroFox, DoD, and more with nearly 20 years of experience. From negotiating with Threat Actors to meeting with attorneys and boards of directors, ransomware, recovery and everything in between, we have been there. We recognize that there is a skill gap in our industry affecting organizations internationally and that this is a field with a steep learning curve. Therefore, we have just released both a free and paid course for those looking to get into the field of DFIR, which you can find by going to our discord (<a href="https://discord.poppopret.co">discord.poppopret.co</a>) or checking out our website (<a href="https://poppopret.training">poppopret.training</a>).</p> <p>Today, Zach Dayton (<a href="https://www.reddit.com/u/zikamiri">/u/zikamiri</a>) and TJ Nelson (<a href="https://www.reddit.com/u/mikiozen">/u/mikiozen</a>) are here to answer any questions you have about digital forensics, incident response, helping businesses recover from an attack, and starting your career!</p> </div><!-- SC_ON --> &#32; submitted by &#32; <a href="https://www.reddit.com/user/AutoModerator"> /u/AutoModerator </a> <br/> <span><a href="https://www.reddit.com/r/cybersecurity/comments/10khl4i/we_are_the_poppopret_ppr_team_ask_us_anything/">[link]</a></span> &#32; <span><a href="https://www.reddit.com/r/cybersecurity/comments/10khl4i/we_are_the_poppopret_ppr_team_ask_us_anything/">[comments]</a></span></content><id>t3_10khl4i</id><link href="https://www.reddit.com/r/cybersecurity/comments/10khl4i/we_are_the_poppopret_ppr_team_ask_us_anything/" /><updated>2023-01-24T22:00:14+00:00</updated><published>2023-01-24T22:00:14+00:00</published><title>We are the POPPOPRET (PPR) team - ask us anything about Digital Forensics & Incident Response!</title></entry><entry><author><name>/u/BitContent6259</name><uri>https://www.reddit.com/user/BitContent6259</uri></author><category term="cybersecurity" label="r/cybersecurity"/><content type="html"><!-- SC_OFF --><div class="md"><p>A technical person could achieve this with running a browser inside Qube OS, Docker or virtual machines, but still no mainstream software exists where common people can use internet safely.</p> </div><!-- SC_ON --> &#32; submitted by &#32; <a href="https://www.reddit.com/user/BitContent6259"> /u/BitContent6259 </a> <br/> <span><a href="https://www.reddit.com/r/cybersecurity/comments/10mumck/why_is_there_still_no_browser_and_email_client/">[link]</a></span> &#32; <span><a href="https://www.reddit.com/r/cybersecurity/comments/10mumck/why_is_there_still_no_browser_and_email_client/">[comments]</a></span></content><id>t3_10mumck</id><link href="https://www.reddit.com/r/cybersecurity/comments/10mumck/why_is_there_still_no_browser_and_email_client/" /><updated>2023-01-27T20:07:13+00:00</updated><published>2023-01-27T20:07:13+00:00</published><title>Why is there still no browser and email client where you can open malicious links and documents without infecting the rest of the OS?</title></entry><entry><author><name>/u/criticalhitu</name><uri>https://www.reddit.com/user/criticalhitu</uri></author><category term="cybersecurity" label="r/cybersecurity"/><content type="html"><!-- SC_OFF --><div class="md"><p>Hello,</p> <p>I had a question around the cyber security industry and the reputation of a company like Crowdstrike. I’m a current employee, basically a SME in Falcon helping customers with all aspects of the platform.</p> <p>My question is around CrowdStrike in general, would having a job at crowdstrike be “coveted” at other security firms? I’m new in security and I’ve heard great things, and I can definitely feel it while working here, but curious about its reputation. Would having CS in your resume open doors?</p> <p>Thanks!</p> </div><!-- SC_ON --> &#32; submitted by &#32; <a href="https://www.reddit.com/user/criticalhitu"> /u/criticalhitu </a> <br/> <span><a href="https://www.reddit.com/r/cybersecurity/comments/10n8ab4/crowdstrike_career_reputation/">[link]</a></span> &#32; <span><a href="https://www.reddit.com/r/cybersecurity/comments/10n8ab4/crowdstrike_career_reputation/">[comments]</a></span></content><id>t3_10n8ab4</id><link href="https://www.reddit.com/r/cybersecurity/comments/10n8ab4/crowdstrike_career_reputation/" /><updated>2023-01-28T06:31:24+00:00</updated><published>2023-01-28T06:31:24+00:00</published><title>Crowdstrike Career Reputation</title></entry><entry><author><name>/u/Showenup</name><uri>https://www.reddit.com/user/Showenup</uri></author><category term="cybersecurity" label="r/cybersecurity"/><content type="html">&#32; submitted by &#32; <a href="https://www.reddit.com/user/Showenup"> /u/Showenup </a> <br/> <span><a href="https://www.reddit.com/r/cybersecurity/comments/10ndxdq/how_good_is_passwordless_technology_right_now/">[link]</a></span> &#32; <span><a href="https://www.reddit.com/r/cybersecurity/comments/10ndxdq/how_good_is_passwordless_technology_right_now/">[comments]</a></span></content><id>t3_10ndxdq</id><link href="https://www.reddit.com/r/cybersecurity/comments/10ndxdq/how_good_is_passwordless_technology_right_now/" /><updated>2023-01-28T12:26:56+00:00</updated><published>2023-01-28T12:26:56+00:00</published><title>How good is passwordless technology right now?</title></entry><entry><author><name>/u/itgk29</name><uri>https://www.reddit.com/user/itgk29</uri></author><category term="cybersecurity" label="r/cybersecurity"/><content type="html"><!-- SC_OFF --><div class="md"><p>I&#39;ve been doing quite a bit of reading on HSTS and have the following questions that I was hoping you all could help me answer. </p> <p>&#x200B;</p> <p>The <a href="https://www.rfc-editor.org/rfc/rfc6797">HSTS RFC</a> states:</p> <blockquote> <p>An HSTS Host MUST NOT include the STS header field in HTTP responses conveyed over non-secure transport.</p> </blockquote> <p>and </p> <blockquote> <p>If an HTTP response is received over insecure transport, the UA MUST ignore any present STS header field(s).</p> </blockquote> <p>&#x200B;</p> <p>My question is:</p> <ul> <li>If a web server sends an HSTS header over HTTP (and HTTPS), will this behavior trip up a vulnerability scanner (e.g. mark it as a vulnerability or an informational finding) because the server is doing something that the RFC said not to?</li> </ul> <p>&#x200B;</p> <p>I&#39;m implementing HSTS on Microsoft IIS, and there are two ways to do it:</p> <ol> <li>Using Response Headers on the server or site, in which case the HSTS headers are sent for HTTP and HTTPS</li> <li>Using URL Rewriting, in which case you can instruct the site to only send the HSTS headers over HTTPS connections </li> </ol> <p>&#x200B;</p> <p>The website in question is behind a load balancer, with the load balancer handling HTTP to HTTPS redirects and doing SSL offloading, so there&#39;s only HTTP from the load balancer to the web site (please, save the finger-wagging for another time). With that, my only option is #1 above, which means that the site will always send the HSTS header, even over HTTP. I&#39;m wondering if a vulnerability scanner will flag it as a vulnerability or something that must be &quot;remediated.&quot;</p> <p>&#x200B;</p> <p>Thank you!</p> </div><!-- SC_ON --> &#32; submitted by &#32; <a href="https://www.reddit.com/user/itgk29"> /u/itgk29 </a> <br/> <span><a href="https://www.reddit.com/r/cybersecurity/comments/10n7xio/hsts_header_sent_over_http_and_https_as_well/">[link]</a></span> &#32; <span><a href="https://www.reddit.com/r/cybersecurity/comments/10n7xio/hsts_header_sent_over_http_and_https_as_well/">[comments]</a></span></content><id>t3_10n7xio</id><link href="https://www.reddit.com/r/cybersecurity/comments/10n7xio/hsts_header_sent_over_http_and_https_as_well/" /><updated>2023-01-28T06:10:25+00:00</updated><published>2023-01-28T06:10:25+00:00</published><title>HSTS header sent over HTTP (and HTTPS as well)</title></entry><entry><author><name>/u/m3moryhous3</name><uri>https://www.reddit.com/user/m3moryhous3</uri></author><category term="cybersecurity" label="r/cybersecurity"/><content type="html"><!-- SC_OFF --><div class="md"><p>I cranked out another project and have a new CTF that is available that is inspired by Darknet Diaries EP 75. This room allows you to discover how the Intelligence Agency&#39;s communications to contact foreign assets were compromised </p> <p>I highly recommend listening to the podcast episode and checking out my room if you want to get a little glimpse of a real world scenario </p> <p><a href="https://tryhackme.com/jr/compromisedcomms">https://tryhackme.com/jr/compromisedcomms</a></p> </div><!-- SC_ON --> &#32; submitted by &#32; <a href="https://www.reddit.com/user/m3moryhous3"> /u/m3moryhous3 </a> <br/> <span><a href="https://www.reddit.com/r/cybersecurity/comments/10mib7v/i_made_a_ctf_inspired_by_darknet_diaries_ep_75/">[link]</a></span> &#32; <span><a href="https://www.reddit.com/r/cybersecurity/comments/10mib7v/i_made_a_ctf_inspired_by_darknet_diaries_ep_75/">[comments]</a></span></content><id>t3_10mib7v</id><link href="https://www.reddit.com/r/cybersecurity/comments/10mib7v/i_made_a_ctf_inspired_by_darknet_diaries_ep_75/" /><updated>2023-01-27T11:08:28+00:00</updated><published>2023-01-27T11:08:28+00:00</published><title>I made a CTF inspired by Darknet Diaries EP 75</title></entry><entry><author><name>/u/markcartertm</name><uri>https://www.reddit.com/user/markcartertm</uri></author><category term="cybersecurity" label="r/cybersecurity"/><content type="html"><table> <tr><td> <a href="https://www.reddit.com/r/cybersecurity/comments/10mim5t/dutch_man_arrested_for_stealing_data_on_nearly/"> <img src="https://external-preview.redd.it/fw-cH82L87Geh61d-ljogr2kxO6l5aKNc510oZPA-Qc.jpg?width=320&amp;crop=smart&amp;auto=webp&amp;s=106abdeec003670a574e12a19fdbf6a3f0473a23" alt="Dutch man arrested for stealing data on nearly every Austrian citizen" title="Dutch man arrested for stealing data on nearly every Austrian citizen" /> </a> </td><td> &#32; submitted by &#32; <a href="https://www.reddit.com/user/markcartertm"> /u/markcartertm </a> <br/> <span><a href="https://www.computing.co.uk/news/4066201/dutch-man-arrested-stealing-nearly-austrian-citizen">[link]</a></span> &#32; <span><a href="https://www.reddit.com/r/cybersecurity/comments/10mim5t/dutch_man_arrested_for_stealing_data_on_nearly/">[comments]</a></span> </td></tr></table></content><id>t3_10mim5t</id><media:thumbnail url="https://external-preview.redd.it/fw-cH82L87Geh61d-ljogr2kxO6l5aKNc510oZPA-Qc.jpg?width=320&crop=smart&auto=webp&s=106abdeec003670a574e12a19fdbf6a3f0473a23" /><link href="https://www.reddit.com/r/cybersecurity/comments/10mim5t/dutch_man_arrested_for_stealing_data_on_nearly/" /><updated>2023-01-27T11:27:41+00:00</updated><published>2023-01-27T11:27:41+00:00</published><title>Dutch man arrested for stealing data on nearly every Austrian citizen</title></entry><entry><author><name>/u/XToEveryEnemyX</name><uri>https://www.reddit.com/user/XToEveryEnemyX</uri></author><category term="cybersecurity" label="r/cybersecurity"/><content type="html"><!-- SC_OFF --><div class="md"><p>Previously I made a post regarding the 60 minute technical interview and let me tell you it was ROUGH. Example. They gave me a hash and gave me 60 seconds to solve it. I could identify it as base64 and when it was decoded it was hex so I decoded that and was good to go. I was asked &quot;how do you know it&#39;s base64?&quot; I can&#39;t really answer that. It&#39;s one of those things that you just know by looking it. </p> <p>I was given sample malware and was asked to figure out what kind it was or something like that. VirusTotal was the first thing I used as it&#39;s simple and reliable. The interviewer proceeded to ask me would I claim something is malicious just because VirusTotal said it was? I&#39;m thinking well I&#39;ve used this platform for years and it&#39;s been mostly accurate I&#39;m not seeing the issue. </p> <p>The part that was REALLY weird was the questionnaire. &quot;What is the TCP RST Flag?&quot; I answered it. &quot;Give me an example&quot; Gave them one but apparently I needed to provide multiple answers and off the top of my head I could not think of it lol</p> <p>Throughout the interview he&#39;s getting visually frustrated. Some questions he asked, I asked if he can clarify because I wouldn&#39;t want to answer it incorrectly (apparently that wasn&#39;t a good idea) </p> <p>All in all I can definitely say that interview didn&#39;t go well but when they had me doing the hands-on stuff I solved it pretty quickly but for fucks sake it felt like an interrogation 😂</p> <p>Just be prepared for things like that guys. They WILL grill you. Some might be more understanding but I didn&#39;t get that luxury lol</p> </div><!-- SC_ON --> &#32; submitted by &#32; <a href="https://www.reddit.com/user/XToEveryEnemyX"> /u/XToEveryEnemyX </a> <br/> <span><a href="https://www.reddit.com/r/cybersecurity/comments/10mqxyp/technical_interview_update/">[link]</a></span> &#32; <span><a href="https://www.reddit.com/r/cybersecurity/comments/10mqxyp/technical_interview_update/">[comments]</a></span></content><id>t3_10mqxyp</id><link href="https://www.reddit.com/r/cybersecurity/comments/10mqxyp/technical_interview_update/" /><updated>2023-01-27T17:43:57+00:00</updated><published>2023-01-27T17:43:57+00:00</published><title>Technical Interview update</title></entry><entry><author><name>/u/Realistic-Plant3957</name><uri>https://www.reddit.com/user/Realistic-Plant3957</uri></author><category term="cybersecurity" label="r/cybersecurity"/><content type="html"><table> <tr><td> <a href="https://www.reddit.com/r/cybersecurity/comments/10mp8va/critical_bug_could_trigger_traffic_chaos_software/"> <img src="https://external-preview.redd.it/_UzLDtGdR2LFdBcrJbhkWfqz8_PfXY3HchMibtN03_s.jpg?width=640&amp;crop=smart&amp;auto=webp&amp;s=5e24e2c3e99cbf32eb46fcc92acc606f1b18441a" alt="Critical bug could trigger traffic chaos: Software vendor ignores outreach" title="Critical bug could trigger traffic chaos: Software vendor ignores outreach" /> </a> </td><td> &#32; submitted by &#32; <a href="https://www.reddit.com/user/Realistic-Plant3957"> /u/Realistic-Plant3957 </a> <br/> <span><a href="https://thestack.technology/econolite-traffic-controller-vulnerability-cisa-ics/">[link]</a></span> &#32; <span><a href="https://www.reddit.com/r/cybersecurity/comments/10mp8va/critical_bug_could_trigger_traffic_chaos_software/">[comments]</a></span> </td></tr></table></content><id>t3_10mp8va</id><media:thumbnail url="https://external-preview.redd.it/_UzLDtGdR2LFdBcrJbhkWfqz8_PfXY3HchMibtN03_s.jpg?width=640&crop=smart&auto=webp&s=5e24e2c3e99cbf32eb46fcc92acc606f1b18441a" /><link href="https://www.reddit.com/r/cybersecurity/comments/10mp8va/critical_bug_could_trigger_traffic_chaos_software/" /><updated>2023-01-27T16:36:15+00:00</updated><published>2023-01-27T16:36:15+00:00</published><title>Critical bug could trigger traffic chaos: Software vendor ignores outreach</title></entry><entry><author><name>/u/outernetz</name><uri>https://www.reddit.com/user/outernetz</uri></author><category term="cybersecurity" label="r/cybersecurity"/><content type="html"><table> <tr><td> <a href="https://www.reddit.com/r/cybersecurity/comments/10na27d/how_noob_website_hackers_can_become_persistent/"> <img src="https://external-preview.redd.it/29RwfrSR4j94xQhr5UzWCg2nFVtdHtO1NFrj3agiCT0.jpg?width=640&amp;crop=smart&amp;auto=webp&amp;s=6a6b29bea80584f5525bb5a99d9ad45044bd031c" alt="How Noob Website Hackers Can Become Persistent Threats" title="How Noob Website Hackers Can Become Persistent Threats" /> </a> </td><td> &#32; submitted by &#32; <a href="https://www.reddit.com/user/outernetz"> /u/outernetz </a> <br/> <span><a href="https://www.darkreading.com/attacks-breaches/noob-hackers-become-persistent-threats">[link]</a></span> &#32; <span><a href="https://www.reddit.com/r/cybersecurity/comments/10na27d/how_noob_website_hackers_can_become_persistent/">[comments]</a></span> </td></tr></table></content><id>t3_10na27d</id><media:thumbnail url="https://external-preview.redd.it/29RwfrSR4j94xQhr5UzWCg2nFVtdHtO1NFrj3agiCT0.jpg?width=640&crop=smart&auto=webp&s=6a6b29bea80584f5525bb5a99d9ad45044bd031c" /><link href="https://www.reddit.com/r/cybersecurity/comments/10na27d/how_noob_website_hackers_can_become_persistent/" /><updated>2023-01-28T08:20:42+00:00</updated><published>2023-01-28T08:20:42+00:00</published><title>How Noob Website Hackers Can Become Persistent Threats</title></entry><entry><author><name>/u/Sultan_Of_Ping</name><uri>https://www.reddit.com/user/Sultan_Of_Ping</uri></author><category term="cybersecurity" label="r/cybersecurity"/><content type="html"><!-- SC_OFF --><div class="md"><p>Quick question that feels like obvious but I&#39;m starting to second-guess myself, so maybe the ISO lead auditors around can clarify this to me.</p> <p>When an ISO 27001 audit is done in organisation, and especially the implementation of its security controls, is the audit done against ISO 27001 or against the organisation policy?</p> <p>Here&#39;s an example: A.9.2.5 requires that &quot;Asset owners shall review user&#39;s access rights at regular intervals&quot;. But the organisation actual Security Policy may be more detailed, specifying the actual periodicity of this review, or even requires different periodicity depending on how privileged is the access. What is going to be verified in the audit? That the actual Policy is implemented, or simply that the vague ISO requirement is respected?</p> </div><!-- SC_ON --> &#32; submitted by &#32; <a href="https://www.reddit.com/user/Sultan_Of_Ping"> /u/Sultan_Of_Ping </a> <br/> <span><a href="https://www.reddit.com/r/cybersecurity/comments/10mvdgb/iso_27001_compliance_question/">[link]</a></span> &#32; <span><a href="https://www.reddit.com/r/cybersecurity/comments/10mvdgb/iso_27001_compliance_question/">[comments]</a></span></content><id>t3_10mvdgb</id><link href="https://www.reddit.com/r/cybersecurity/comments/10mvdgb/iso_27001_compliance_question/" /><updated>2023-01-27T20:37:55+00:00</updated><published>2023-01-27T20:37:55+00:00</published><title>ISO 27001 compliance question</title></entry><entry><author><name>/u/dlorenc</name><uri>https://www.reddit.com/user/dlorenc</uri></author><category term="cybersecurity" label="r/cybersecurity"/><content type="html"><table> <tr><td> <a href="https://www.reddit.com/r/cybersecurity/comments/10mrn3a/justice_dept_dismantles_a_major_ransomware/"> <img src="https://external-preview.redd.it/kMLQ-j5mB8dURg5Jr-uK438s5eDvD7rPITdugqgWKsA.jpg?width=640&amp;crop=smart&amp;auto=webp&amp;s=25c26b385d61a7746a20d1c4e1f08ba266ee30a3" alt="Justice Dept. Dismantles a Major Ransomware Operation" title="Justice Dept. Dismantles a Major Ransomware Operation" /> </a> </td><td> &#32; submitted by &#32; <a href="https://www.reddit.com/user/dlorenc"> /u/dlorenc </a> <br/> <span><a href="https://www.nytimes.com/2023/01/26/us/politics/justice-department-ransomware-hive.html">[link]</a></span> &#32; <span><a href="https://www.reddit.com/r/cybersecurity/comments/10mrn3a/justice_dept_dismantles_a_major_ransomware/">[comments]</a></span> </td></tr></table></content><id>t3_10mrn3a</id><media:thumbnail url="https://external-preview.redd.it/kMLQ-j5mB8dURg5Jr-uK438s5eDvD7rPITdugqgWKsA.jpg?width=640&crop=smart&auto=webp&s=25c26b385d61a7746a20d1c4e1f08ba266ee30a3" /><link href="https://www.reddit.com/r/cybersecurity/comments/10mrn3a/justice_dept_dismantles_a_major_ransomware/" /><updated>2023-01-27T18:11:10+00:00</updated><published>2023-01-27T18:11:10+00:00</published><title>Justice Dept. Dismantles a Major Ransomware Operation</title></entry><entry><author><name>/u/CISO_Series_Producer</name><uri>https://www.reddit.com/user/CISO_Series_Producer</uri></author><category term="cybersecurity" label="r/cybersecurity"/><content type="html"><!-- SC_OFF --><div class="md"><p>Below are the top headlines we’ve been reporting this whole week on Cyber Security Headlines.</p> <p>If you’d like to hear and participate in a discussion about them, the CISO Series does a live 20-minute show every Friday at 12:30pm PT/3:30pm ET. Each week we welcome a different cyber practitioner to offer some color to the week&#39;s stories. Our guest this week is <strong>Kathleen Mullin, CISO, Cancer Treatment Centers of America</strong>.</p> <p>To get involved you can watch live and participate in the discussion on <a href="https://youtu.be/XDnS1OHt-qw">YouTube Live</a> or you can <a href="https://cisoseries.com/subscribe-podcast/">subscribe to the Cyber Security Headlines podcast</a> and get it into your feed.</p> <p>Here are some of the stories we&#39;ll be covering:</p> <p><strong>FBI seizes Hive ransomware group infrastructure after lurking in servers for months</strong><br/> After seven months spent lurking inside the notorious ransomware group’s networks, swiping decryption keys for its victims, the FBI and international partners seized infrastructure behind Hive ransomware attacks. Since June 2021, Hive has targeted more than 1,500 victims globally. While staking out Hive’s network, the FBI disrupted multiple attacks, including ones against a Louisiana hospital, a food services company and a Texas school district. Deputy Attorney General Lisa O. Monaco said during a press conference Thursday, “In a 21st-century cyber stakeout, our investigative team turned the tables on Hive, swiping their decryption keys, passing them to victims, and ultimately averting more than $130 million in ransomware payments,” “Simply put, using lawful means we hacked the hackers.”<br/> (<a href="https://cyberscoop.com/fbi-europol-hive-ransomware-group/">Cyberscoop</a>)</p> <p><strong>PayPal accounts breached in large-scale credential stuffing attack</strong><br/> PayPal is sending out data breach notifications to thousands of users who had their accounts accessed through credential stuffing attacks that exposed some personal data. PayPal explains that the attack occurred between December 6 and December 8, 2022. The company detected and mitigated it at the time and by December 20, 2022, it confirmed that unauthorized third parties logged into the accounts with valid credentials. The electronic payments platform claims that this was not due to a breach on its systems and has no evidence that the user credentials were obtained directly from them. Almost 35,000 users have been impacted by the incident, during which hackers had access to account holders’ full names, dates of birth, postal addresses, social security numbers, and individual tax identification numbers.<br/> (<a href="https://www.bleepingcomputer.com/news/security/paypal-accounts-breached-in-large-scale-credential-stuffing-attack/">Bleeping Computer</a>)</p> <p><strong>ODIN Intelligence hack exposes a huge trove of police raid files</strong><br/> Detailed tactical plans for imminent police raids, confidential police reports with descriptions of alleged crimes and suspects, and a forensic extraction report detailing the contents of a suspect’s phone. These are some of the files in a huge cache of data taken from the internal servers of ODIN Intelligence, a tech company that provides apps and services to police departments, following a hack and defacement of its website over the weekend. The group behind the breach said in a message left on ODIN’s website that it hacked the company after its founder and chief executive Erik McCauley dismissed a report by Wired, which discovered the company’s flagship app SweepWizard, was insecure and spilling sensitive data about upcoming police operations to the open web. The hackers also published the company’s Amazon Web Services private keys for accessing its cloud-stored data and claimed to have “shredded” the company’s data and backups but not before exfiltrating gigabytes of data from ODIN’s systems.<br/> (<a href="https://techcrunch.com/2023/01/21/odin-intelligence-breach-police-surveillance/">TechCrunch</a>)</p> <p><strong>Zero Trust will not mitigate over half of attacks</strong><br/> According to a new report from Gartner, just one in 10 large enterprises will have a “mature and measurable” zero trust program in place by 2026. Gartner warned that, over the next three years, more than half of all cyber-attacks will be focused in areas that zero trust controls don’t mitigate. Gartner cited API attacks, social engineering, and exploitation of other employee-created control bypasses as examples of areas not protected by ZTAs. Despite this, Gartner says that ZTA still reduces risk and limits the impact of many threats.<br/> (<a href="https://www.infosecurity-magazine.com/news/gartner-zero-trust-wont-mitigate/">Infosecurity Magazine</a>)</p> <p><strong>GoTo says hackers stole encrypted backups and MFA settings</strong><br/> GoTo CEO Paddy Srinivasan confirmed that last August’s security breach affecting its LastPass affiliate had a much broader impact than originally reported. The hack resulted in theft of account usernames, salted and hashed passwords, product settings and licensing information. Additionally, encrypted backups were exfiltrated from a third-party cloud storage service along with the encryption key for a portion of the backups. Stolen backups affected its Central, Pro, join.me, Hamachi, and RemotelyAnywhere products. Also, a small number of Rescue and GoToMyPC customers had their MFA settings compromised. GoTo says it is resetting passwords and MFA settings of affected users. The company is also migrating accounts to a more secure Identity Management Platform.<br/> (<a href="https://www.securityweek.com/goto-says-hackers-stole-encrypted-backups-mfa-settings/">SecurityWeek</a>)</p> <p><strong>Government Accountability Office names and shames</strong><br/> Since 2010, the US Government Accountability Office released 335 public cybersecurity recommendations to federal agencies. Last week, it disclosed that federal agencies still need to implement 190 of them. In a long term review of this issue, the GAO said that a 2020 review of 23 civilian agencies found that non have fully implemented foundational practices for supply chain risk management, with 14 not implementing any of them. The office warned that not improving compliance could lead to “disrupted mission operations, theft of intellectual property, and harm to individuals.”<br/> (<a href="https://www.infosecurity-magazine.com/news/federal-agencies-ignore-gaos/">InfoSecurity Magazine</a>)</p> <p><strong>A look at North Korean crypto stealing tactics</strong><br/> The Record’s Jonathan Greig broke down a recently report on these tactics from Proofpoint, highlighting the work of the APT TA444. The report describes the group as working “with a startup mentality and a passion for cryptocurrency.” While the groups activities overlap with other North Korean-linked threat actors, like Lazarus Group, it stands out as seemingly only interested in generating revenue, rather than cyber espionage. In the past, the group spread malware through malicious documents, but in 2022 expanded to using email marketing tools. These tools allowed it to more easily get past spam filters and seem legitimate. It combines this with aggressive social media strategies, contacting potential victims on LinkedIn with faked job offers. The United States Treasury Department estimates the group used various cryptocurrency mixers to launder over $120 million.<br/> (<a href="https://therecord.media/north-korean-hackers-use-fake-job-offers-salary-bumps-as-lure-for-crypto-theft/">The Record</a>)</p> <p><strong>The need for EV cybersecurity roadmaps</strong><br/> The Office of the National Cyber Director (ONCD) recently hosted a forum with government leaders and private companies to assess both current and emerging cybersecurity threats involving electric vehicles (EVs). The most infamous story to date concerns a 19-year-old security researcher who, in early 2022, was able to hack into 25 Teslas around the world using a third-party, open-source logging tool known as Teslamate. Other threat vectors that the industry is watching include: Connected vehicle systems such as navigation and optimal route planning that may enable access key systems and put drivers at risk, charging stations that can become a path to exfiltrate driver data, and the use of infected cards to attack a local power grid while charging. This forum and similar gatherings are looking to establish greater transparency and communication between OEMs as well as urging for stronger password security within the many computers built into the vehicles.<br/> (<a href="https://securityintelligence.com/articles/need-ev-cybersecurity-roadmaps/">Security Intelligence</a>)</p> </div><!-- SC_ON --> &#32; submitted by &#32; <a href="https://www.reddit.com/user/CISO_Series_Producer"> /u/CISO_Series_Producer </a> <br/> <span><a href="https://www.reddit.com/r/cybersecurity/comments/10mnj2y/top_cybersecurity_stories_for_the_week_of_012323/">[link]</a></span> &#32; <span><a href="https://www.reddit.com/r/cybersecurity/comments/10mnj2y/top_cybersecurity_stories_for_the_week_of_012323/">[comments]</a></span></content><id>t3_10mnj2y</id><link href="https://www.reddit.com/r/cybersecurity/comments/10mnj2y/top_cybersecurity_stories_for_the_week_of_012323/" /><updated>2023-01-27T15:26:39+00:00</updated><published>2023-01-27T15:26:39+00:00</published><title>Top cybersecurity stories for the week of 01-23-23 to 01-27-23</title></entry><entry><author><name>/u/Practical-Payment-10</name><uri>https://www.reddit.com/user/Practical-Payment-10</uri></author><category term="cybersecurity" label="r/cybersecurity"/><content type="html"><table> <tr><td> <a href="https://www.reddit.com/r/cybersecurity/comments/10n04pv/researchers_discover_new_plugx_malware_variant/"> <img src="https://external-preview.redd.it/4JLVZB-S6IEidGX0oshjzM9wOiY8imPtqoM4-nWDQY0.jpg?width=640&amp;crop=smart&amp;auto=webp&amp;s=943f2a5cc21618f7d1b46f0d2ff51b6502819887" alt="Researchers Discover New PlugX Malware Variant Spreading via Removable USB Devices" title="Researchers Discover New PlugX Malware Variant Spreading via Removable USB Devices" /> </a> </td><td> &#32; submitted by &#32; <a href="https://www.reddit.com/user/Practical-Payment-10"> /u/Practical-Payment-10 </a> <br/> <span><a href="https://thehackernews.com/2023/01/researchers-discover-new-plugx-malware.html?m=1">[link]</a></span> &#32; <span><a href="https://www.reddit.com/r/cybersecurity/comments/10n04pv/researchers_discover_new_plugx_malware_variant/">[comments]</a></span> </td></tr></table></content><id>t3_10n04pv</id><media:thumbnail url="https://external-preview.redd.it/4JLVZB-S6IEidGX0oshjzM9wOiY8imPtqoM4-nWDQY0.jpg?width=640&crop=smart&auto=webp&s=943f2a5cc21618f7d1b46f0d2ff51b6502819887" /><link href="https://www.reddit.com/r/cybersecurity/comments/10n04pv/researchers_discover_new_plugx_malware_variant/" /><updated>2023-01-27T23:51:56+00:00</updated><published>2023-01-27T23:51:56+00:00</published><title>Researchers Discover New PlugX Malware Variant Spreading via Removable USB Devices</title></entry><entry><author><name>/u/digicat</name><uri>https://www.reddit.com/user/digicat</uri></author><category term="cybersecurity" label="r/cybersecurity"/><content type="html"><table> <tr><td> <a href="https://www.reddit.com/r/cybersecurity/comments/10n6rbv/bluepurple_pulse_week_ending_january_29th/"> <img src="https://external-preview.redd.it/NAK_3Aisz1HZeWWAf1aHrIRTHohC4jjpTsjWRxN1-_U.jpg?width=640&amp;crop=smart&amp;auto=webp&amp;s=f9bbf3fa20b76c8423d8ade155216bad9e3e8924" alt="Bluepurple Pulse: week ending January 29th" title="Bluepurple Pulse: week ending January 29th" /> </a> </td><td> &#32; submitted by &#32; <a href="https://www.reddit.com/user/digicat"> /u/digicat </a> <br/> <span><a href="https://bluepurple.binaryfirefly.com/p/bluepurple-pulse-week-ending-january-c18">[link]</a></span> &#32; <span><a href="https://www.reddit.com/r/cybersecurity/comments/10n6rbv/bluepurple_pulse_week_ending_january_29th/">[comments]</a></span> </td></tr></table></content><id>t3_10n6rbv</id><media:thumbnail url="https://external-preview.redd.it/NAK_3Aisz1HZeWWAf1aHrIRTHohC4jjpTsjWRxN1-_U.jpg?width=640&crop=smart&auto=webp&s=f9bbf3fa20b76c8423d8ade155216bad9e3e8924" /><link href="https://www.reddit.com/r/cybersecurity/comments/10n6rbv/bluepurple_pulse_week_ending_january_29th/" /><updated>2023-01-28T05:04:01+00:00</updated><published>2023-01-28T05:04:01+00:00</published><title>Bluepurple Pulse: week ending January 29th</title></entry><entry><author><name>/u/TheMemeExpertExpert</name><uri>https://www.reddit.com/user/TheMemeExpertExpert</uri></author><category term="cybersecurity" label="r/cybersecurity"/><content type="html"><!-- SC_OFF --><div class="md"><p>I&#39;ve recently joined a SOC (Security Operations Center) and was asked to design the first in-house data quality tool. </p> <p>The data itself is the data collected by our different agents spread across all of IT (infrastructure, software, cloud environments...etc), which is parsed, formatted then used in our SIEM (in our case Sentinel). </p> <p>So far, I&#39;ve managed to design a first metric around completeness (depending on the collector behind the data), but am stuck thinking about other metrics, what do you recommend? I&#39;ve thought about consistency (checking whether formatting matches expectations).</p> </div><!-- SC_ON --> &#32; submitted by &#32; <a href="https://www.reddit.com/user/TheMemeExpertExpert"> /u/TheMemeExpertExpert </a> <br/> <span><a href="https://www.reddit.com/r/cybersecurity/comments/10n1ge8/questions_from_a_software_engineer_to_my_cyber/">[link]</a></span> &#32; <span><a href="https://www.reddit.com/r/cybersecurity/comments/10n1ge8/questions_from_a_software_engineer_to_my_cyber/">[comments]</a></span></content><id>t3_10n1ge8</id><link href="https://www.reddit.com/r/cybersecurity/comments/10n1ge8/questions_from_a_software_engineer_to_my_cyber/" /><updated>2023-01-28T00:47:44+00:00</updated><published>2023-01-28T00:47:44+00:00</published><title>Questions from a Software engineer to my cyber security buddies</title></entry><entry><author><name>/u/twrolsto</name><uri>https://www.reddit.com/user/twrolsto</uri></author><category term="cybersecurity" label="r/cybersecurity"/><content type="html"><!-- SC_OFF --><div class="md"><p>So, it seems the number of folks firing off poor quality phishes using Google accounts to &quot;have my banking information updated&quot; is on the rise. I&#39;m getting several a day now.</p> <p>I tend to engage them just enough to get their bank/routing number then block them at the mail gateway and report them to the fraud department of the bank (what is it about Sioux Falls and these scammers, anyway?)</p> <p>That&#39;s usually the end of it.</p> <p>Lately, though, I get more and more of them coming back to me asking follow-up questions. For example, I have our (totally legitimate and not a scammer) head of HR, &quot;Brian&quot; asking me for a status update on his request from yesterday.</p> <p>So, how would you handle that? More to the point, I&#39;m looking for amusing hoops to send the guy through while I wait on their bank&#39;s fraud department to respond.</p> <p>Ideas?</p> </div><!-- SC_ON --> &#32; submitted by &#32; <a href="https://www.reddit.com/user/twrolsto"> /u/twrolsto </a> <br/> <span><a href="https://www.reddit.com/r/cybersecurity/comments/10mvrh8/funniest_way_to_string_a_phisher_along_amusing/">[link]</a></span> &#32; <span><a href="https://www.reddit.com/r/cybersecurity/comments/10mvrh8/funniest_way_to_string_a_phisher_along_amusing/">[comments]</a></span></content><id>t3_10mvrh8</id><link href="https://www.reddit.com/r/cybersecurity/comments/10mvrh8/funniest_way_to_string_a_phisher_along_amusing/" /><updated>2023-01-27T20:54:07+00:00</updated><published>2023-01-27T20:54:07+00:00</published><title>Funniest way to string a phisher along - Amusing Friday afternoon post/question.</title></entry><entry><author><name>/u/iingot</name><uri>https://www.reddit.com/user/iingot</uri></author><category term="cybersecurity" label="r/cybersecurity"/><content type="html"><table> <tr><td> <a href="https://www.reddit.com/r/cybersecurity/comments/10lxapk/us_announces_it_seized_hive_ransomware_gangs_leak/"> <img src="https://external-preview.redd.it/KdzLsrg9cI_xPEzUTDZcRzrwaM1NCEBPlEzw30pG2KA.jpg?width=640&amp;crop=smart&amp;auto=webp&amp;s=1b984aa07abbac762325dfe8c01173325cc57e2f" alt="US announces it seized Hive ransomware gang's leak sites and decryption keys" title="US announces it seized Hive ransomware gang's leak sites and decryption keys" /> </a> </td><td> &#32; submitted by &#32; <a href="https://www.reddit.com/user/iingot"> /u/iingot </a> <br/> <span><a href="https://techcrunch.com/2023/01/26/united-states-hive-ransomware-seized/">[link]</a></span> &#32; <span><a href="https://www.reddit.com/r/cybersecurity/comments/10lxapk/us_announces_it_seized_hive_ransomware_gangs_leak/">[comments]</a></span> </td></tr></table></content><id>t3_10lxapk</id><media:thumbnail url="https://external-preview.redd.it/KdzLsrg9cI_xPEzUTDZcRzrwaM1NCEBPlEzw30pG2KA.jpg?width=640&crop=smart&auto=webp&s=1b984aa07abbac762325dfe8c01173325cc57e2f" /><link href="https://www.reddit.com/r/cybersecurity/comments/10lxapk/us_announces_it_seized_hive_ransomware_gangs_leak/" /><updated>2023-01-26T17:28:24+00:00</updated><published>2023-01-26T17:28:24+00:00</published><title>US announces it seized Hive ransomware gang's leak sites and decryption keys</title></entry><entry><author><name>/u/CptCuddleCakes</name><uri>https://www.reddit.com/user/CptCuddleCakes</uri></author><category term="cybersecurity" label="r/cybersecurity"/><content type="html"><!-- SC_OFF --><div class="md"><p>Hello,</p> <p>I&#39;m fairly new to pen testing ~ 6 months of working through junior pentester on THM and about 90% done. Have a basic understanding of networking yadda yadda.</p> <p>I don&#39;t expect to find anything, but ever since learning Burp Suite, I thought it would be important to see real world examples and to get out of the CTF style picture perfect set ups. </p> <p>Long story short, Company X offers free range for bug bounties and the thing I was testing was in scope and I figured great practice for me with Burp Suite. So I trimmed down to 50 promising sub domains and begin kinda just going through and researching along the way what some of the HTLM meant and tinkering with altering the packets etc</p> <p>Didn&#39;t find anything for like 6 hours but my last session of tinkering I found something I hadn&#39;t seen all day...</p> <p>When I captured a request that worked with a widget, I got this pretty bulky JavaScript code in the packet in plaintext.</p> <p>The programmers added a bunch of comments too it and it looks like a bunch of mumbo jumbo to me since I&#39;m a novice programmer but I noticed that there were references to GitHub with usernames source code links and even tables of hashes.</p> <p>Is this normal? Should I keep investigating this? Is it worth even mentioning to the company or will I get laughed at?</p> </div><!-- SC_ON --> &#32; submitted by &#32; <a href="https://www.reddit.com/user/CptCuddleCakes"> /u/CptCuddleCakes </a> <br/> <span><a href="https://www.reddit.com/r/cybersecurity/comments/10n15tu/am_i_chasing_a_rabbit_js_in_plain_text/">[link]</a></span> &#32; <span><a href="https://www.reddit.com/r/cybersecurity/comments/10n15tu/am_i_chasing_a_rabbit_js_in_plain_text/">[comments]</a></span></content><id>t3_10n15tu</id><link href="https://www.reddit.com/r/cybersecurity/comments/10n15tu/am_i_chasing_a_rabbit_js_in_plain_text/" /><updated>2023-01-28T00:34:42+00:00</updated><published>2023-01-28T00:34:42+00:00</published><title>Am I chasing a rabbit? (JS in plain text)</title></entry><entry><author><name>/u/Tabamon</name><uri>https://www.reddit.com/user/Tabamon</uri></author><category term="cybersecurity" label="r/cybersecurity"/><content type="html"><!-- SC_OFF --><div class="md"><p>Hello,</p> <p>I am looking to build a script to work as a scraper/gatherer for new IOCs (prefer file hashes, but interested in IPs and domains too)</p> <p>I was hoping to get a list of the best free threat intelligence feeds, so I can include them in the script, and then parse through the information.</p> <p>Any help is appreciated! Thank you.</p> </div><!-- SC_ON --> &#32; submitted by &#32; <a href="https://www.reddit.com/user/Tabamon"> /u/Tabamon </a> <br/> <span><a href="https://www.reddit.com/r/cybersecurity/comments/10n0z2v/best_feeds_to_get_iocs/">[link]</a></span> &#32; <span><a href="https://www.reddit.com/r/cybersecurity/comments/10n0z2v/best_feeds_to_get_iocs/">[comments]</a></span></content><id>t3_10n0z2v</id><link href="https://www.reddit.com/r/cybersecurity/comments/10n0z2v/best_feeds_to_get_iocs/" /><updated>2023-01-28T00:26:40+00:00</updated><published>2023-01-28T00:26:40+00:00</published><title>Best feeds to get IOCs</title></entry><entry><author><name>/u/yogibear2190</name><uri>https://www.reddit.com/user/yogibear2190</uri></author><category term="cybersecurity" label="r/cybersecurity"/><content type="html"><!-- SC_OFF --><div class="md"><p>The FBI and Justice Department took down the infrastructure of the <a href="https://therecord.media/tag/hive-ransomware/">Hive ransomware group</a> on Thursday, announcing that their agents had been inside the group’s systems since July 2022.</p> <p><a href="https://therecord.media/we-hacked-the-hackers-doj-fbi-take-down-hive-ransomware-after-spending-months-inside-gang-systems/">https://therecord.media/we-hacked-the-hackers-doj-fbi-take-down-hive-ransomware-after-spending-months-inside-gang-systems/</a></p> </div><!-- SC_ON --> &#32; submitted by &#32; <a href="https://www.reddit.com/user/yogibear2190"> /u/yogibear2190 </a> <br/> <span><a href="https://www.reddit.com/r/cybersecurity/comments/10lxeel/we_hacked_the_hackers_doj_fbi_take_down_hive/">[link]</a></span> &#32; <span><a href="https://www.reddit.com/r/cybersecurity/comments/10lxeel/we_hacked_the_hackers_doj_fbi_take_down_hive/">[comments]</a></span></content><id>t3_10lxeel</id><link href="https://www.reddit.com/r/cybersecurity/comments/10lxeel/we_hacked_the_hackers_doj_fbi_take_down_hive/" /><updated>2023-01-26T17:32:38+00:00</updated><published>2023-01-26T17:32:38+00:00</published><title>‘We hacked the hackers:’ DOJ, FBI take down Hive ransomware after spending months inside gang systems</title></entry><entry><author><name>/u/CHA--CHING</name><uri>https://www.reddit.com/user/CHA--CHING</uri></author><category term="cybersecurity" label="r/cybersecurity"/><content type="html"><!-- SC_OFF --><div class="md"><p>Backstory: I work for a banking institution that is bringing on a 3rd party vendor for payment processing.</p> <p>The vendor wants us to make a firewall rule to open our core banking system to be accessed through https directly. Normally, we have vendors send a router and we have a direct tunnel for them to send/receive. This doesn&#39;t sound right to me security wise. Am I missing something here? Thanks in advance.</p> </div><!-- SC_ON --> &#32; submitted by &#32; <a href="https://www.reddit.com/user/CHA--CHING"> /u/CHA--CHING </a> <br/> <span><a href="https://www.reddit.com/r/cybersecurity/comments/10ms9lk/best_practices_question/">[link]</a></span> &#32; <span><a href="https://www.reddit.com/r/cybersecurity/comments/10ms9lk/best_practices_question/">[comments]</a></span></content><id>t3_10ms9lk</id><link href="https://www.reddit.com/r/cybersecurity/comments/10ms9lk/best_practices_question/" /><updated>2023-01-27T18:35:49+00:00</updated><published>2023-01-27T18:35:49+00:00</published><title>Best Practices Question</title></entry><entry><author><name>/u/jeepinat0r</name><uri>https://www.reddit.com/user/jeepinat0r</uri></author><category term="cybersecurity" label="r/cybersecurity"/><content type="html"><!-- SC_OFF --><div class="md"><p>A user observed a hacker accessing her saved passwords in Chrome. At some point a splash screen came up and said “Working on an update. Do not restart your system”. Subsequently her Amazon account was hacked.</p> <p>Shame on her for saving passwords in browsers, but…. We reviewed her installed software and found nothing new nor suspicious. She also said she had not clicked on any suspicious links (of course).</p> <p>We are getting her PC back for forensics…. Any thoughts as to what we could look for other than recent sites visited? She was at home so no traffic logs available.</p> </div><!-- SC_ON --> &#32; submitted by &#32; <a href="https://www.reddit.com/user/jeepinat0r"> /u/jeepinat0r </a> <br/> <span><a href="https://www.reddit.com/r/cybersecurity/comments/10mjdx4/hacker_remotely_accessed_pc_with_no_obvious_app/">[link]</a></span> &#32; <span><a href="https://www.reddit.com/r/cybersecurity/comments/10mjdx4/hacker_remotely_accessed_pc_with_no_obvious_app/">[comments]</a></span></content><id>t3_10mjdx4</id><link href="https://www.reddit.com/r/cybersecurity/comments/10mjdx4/hacker_remotely_accessed_pc_with_no_obvious_app/" /><updated>2023-01-27T12:15:03+00:00</updated><published>2023-01-27T12:15:03+00:00</published><title>Hacker Remotely Accessed PC with No Obvious App</title></entry><entry><author><name>/u/yogibear2190</name><uri>https://www.reddit.com/user/yogibear2190</uri></author><category term="cybersecurity" label="r/cybersecurity"/><content type="html"><!-- SC_OFF --><div class="md"><p>Several ransomware experts lauded the FBI&#39;s Hive operation but questioned how effective it would be without arrests</p> <p><a href="https://therecord.media/ransomware-experts-laud-hive-takedown-but-question-impact-without-arrests/">https://therecord.media/ransomware-experts-laud-hive-takedown-but-question-impact-without-arrests/</a></p> </div><!-- SC_ON --> &#32; submitted by &#32; <a href="https://www.reddit.com/user/yogibear2190"> /u/yogibear2190 </a> <br/> <span><a href="https://www.reddit.com/r/cybersecurity/comments/10mw339/ransomware_experts_laud_hive_takedown_but/">[link]</a></span> &#32; <span><a href="https://www.reddit.com/r/cybersecurity/comments/10mw339/ransomware_experts_laud_hive_takedown_but/">[comments]</a></span></content><id>t3_10mw339</id><link href="https://www.reddit.com/r/cybersecurity/comments/10mw339/ransomware_experts_laud_hive_takedown_but/" /><updated>2023-01-27T21:07:14+00:00</updated><published>2023-01-27T21:07:14+00:00</published><title>Ransomware experts laud Hive takedown but question impact without arrests</title></entry><entry><author><name>/u/yogibear2190</name><uri>https://www.reddit.com/user/yogibear2190</uri></author><category term="cybersecurity" label="r/cybersecurity"/><content type="html"><!-- SC_OFF --><div class="md"><p>Following the posting of an alleged database of customer information on a hacker forum, Target is denying that the data being sold on the dark web is current and says that the information was not taken directly from their systems. </p> <p><a href="https://therecord.media/target-says-data-sold-on-dark-web-is-outdated-likely-released-by-third-party/">https://therecord.media/target-says-data-sold-on-dark-web-is-outdated-likely-released-by-third-party/</a></p> </div><!-- SC_ON --> &#32; submitted by &#32; <a href="https://www.reddit.com/user/yogibear2190"> /u/yogibear2190 </a> <br/> <span><a href="https://www.reddit.com/r/cybersecurity/comments/10mw0hq/target_says_data_sold_on_dark_web_is_outdated/">[link]</a></span> &#32; <span><a href="https://www.reddit.com/r/cybersecurity/comments/10mw0hq/target_says_data_sold_on_dark_web_is_outdated/">[comments]</a></span></content><id>t3_10mw0hq</id><link href="https://www.reddit.com/r/cybersecurity/comments/10mw0hq/target_says_data_sold_on_dark_web_is_outdated/" /><updated>2023-01-27T21:04:14+00:00</updated><published>2023-01-27T21:04:14+00:00</published><title>Target says data sold on dark web is ‘outdated,’ likely ‘released by third party’</title></entry><entry><author><name>/u/Shnarf_Shnarf_</name><uri>https://www.reddit.com/user/Shnarf_Shnarf_</uri></author><category term="cybersecurity" label="r/cybersecurity"/><content type="html"><!-- SC_OFF --><div class="md"><p>Our cyber security team consists of just myself. Our company manages 15 tenants and growing. </p> <p>Currently manage all incidents response and remediation</p> <p>Leading the implementation,deployment, and adjust the rules of a new XDR</p> <p>Decommissioning our old SIEM and MDR</p> <p>Re-designing our end user training and how it’s implemented </p> <p>Create and implement IAM for each tenant</p> <p>Manage SSL certificates and renewal</p> <p>Manage the syncing of global address lists and cross tenant groups</p> <p>Make sure any new cve are patched and updated</p> <p>Implement a new EDR and decommission the old</p> <p>I am also expected to be onsite for one tenant for level one and two tickets. (Help desk not involved due to the service level agreement)</p> <p>I am new to Cyber Security I was internally promoted and all of our cybersecurity team has been leaving. I have informed management I do not have all the skills requested. </p> <p>I am falling behind. </p> <p>They are hiring for a senior cyber role which I am also in on the interviews oddly enough. I know help is on the way but overall there is a lot to catch up on for a new hire even. </p> <p>I try to work with other teams for support. Ask the vendors for support when I don’t know something. However being a internal promotion the other admins still see me as a low level help desk person and push my questions and concerns to the side. </p> <p>Can I do anything else or should I double down and keep trying and pushing for more support.</p> </div><!-- SC_ON --> &#32; submitted by &#32; <a href="https://www.reddit.com/user/Shnarf_Shnarf_"> /u/Shnarf_Shnarf_ </a> <br/> <span><a href="https://www.reddit.com/r/cybersecurity/comments/10mq4nu/is_this_too_much/">[link]</a></span> &#32; <span><a href="https://www.reddit.com/r/cybersecurity/comments/10mq4nu/is_this_too_much/">[comments]</a></span></content><id>t3_10mq4nu</id><link href="https://www.reddit.com/r/cybersecurity/comments/10mq4nu/is_this_too_much/" /><updated>2023-01-27T17:11:10+00:00</updated><published>2023-01-27T17:11:10+00:00</published><title>Is this too much</title></entry></feed> |